gitlabFork/ISPConfig3.git - Solinfo Gitblit

Merge remote-tracking branch 'ispc/stable-3.0.5' into stable-3.0.5

Marius Cramer

2014-08-13 42539643c396f9d8865dcf9a51b13dc869709d16

commit \| author \| age
d83fcf	1	<?php
T	2
	3	/*
436ed8	4	Copyright (c) 2007, Till Brehm, projektfarm Gmbh
d83fcf	5	All rights reserved.
T	6
	7	Redistribution and use in source and binary forms, with or without modification,
	8	are permitted provided that the following conditions are met:
	9
	10	* Redistributions of source code must retain the above copyright notice,
	11	this list of conditions and the following disclaimer.
	12	* Redistributions in binary form must reproduce the above copyright notice,
	13	this list of conditions and the following disclaimer in the documentation
	14	and/or other materials provided with the distribution.
	15	* Neither the name of ISPConfig nor the names of its contributors
	16	may be used to endorse or promote products derived from this software without
	17	specific prior written permission.
	18
	19	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
	20	ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	21	WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	22	IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
	24	BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	25	DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
	26	OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	27	NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
	28	EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	29	*/
	30
a61345	31	class mysql_clientdb_plugin {
7fe908	32
a61345	33	var $plugin_name = 'mysql_clientdb_plugin';
T	34	var $class_name = 'mysql_clientdb_plugin';
7fe908	35
392450	36	//* This function is called during ispconfig installation to determine
T	37	// if a symlink shall be created for this plugin.
	38	function onInstall() {
	39	global $conf;
7fe908	40
392450	41	if($conf['services']['db'] == true) {
T	42	return true;
	43	} else {
	44	return false;
	45	}
7fe908	46
392450	47	}
7fe908	48
MC	49
d83fcf	50	/*
T	51	This function is called when the plugin is loaded
	52	*/
7fe908	53
d83fcf	54	function onLoad() {
T	55	global $app;
7fe908	56
d83fcf	57	/*
T	58	Register for the events
	59	*/
7fe908	60
acf18c	61	//* Databases
7fe908	62	$app->plugins->registerEvent('database_insert', $this->plugin_name, 'db_insert');
MC	63	$app->plugins->registerEvent('database_update', $this->plugin_name, 'db_update');
	64	$app->plugins->registerEvent('database_delete', $this->plugin_name, 'db_delete');
	65
acf18c	66	//* Database users
7fe908	67	$app->plugins->registerEvent('database_user_insert', $this->plugin_name, 'db_user_insert');
MC	68	$app->plugins->registerEvent('database_user_update', $this->plugin_name, 'db_user_update');
	69	$app->plugins->registerEvent('database_user_delete', $this->plugin_name, 'db_user_delete');
	70
	71
d83fcf	72	}
7fe908	73
MC	74	function process_host_list($action, $database_name, $database_user, $database_password, $host_list, $link, $database_rename_user = '', $user_read_only = false) {
cc6568	75	global $app;
7fe908	76
MC	77	$action = strtoupper($action);
	78
cc6568	79	// set to all hosts if none given
H	80	if(trim($host_list) == '') $host_list = '%';
7fe908	81
MC	82	// process arrays and comma separated strings
	83	if(!is_array($host_list)) $host_list = explode(',', $host_list);
	84
	85	$success = true;
51569e	86	if(!preg_match('/\*[A-F0-9]{40}$/', $database_password)) {
MC	87	$result = $link->query("SELECT PASSWORD('" . $link->escape_string($database_password) . "') as `crypted`");
	88	if($result) {
	89	$row = $result->fetch_assoc();
	90	$database_password = $row['crypted'];
	91	$result->free();
	92	}
	93	}
7fe908	94	// loop through hostlist
MC	95	foreach($host_list as $db_host) {
	96	$db_host = trim($db_host);
	97
	98	$app->log($action . ' for user ' . $database_user . ' at host ' . $db_host, LOGLEVEL_DEBUG);
	99
	100	// check if entry is valid ip address
	101	$valid = true;
	102	if($db_host == '%' \|\| $db_host == 'localhost') {
	103	$valid = true;
	104	} elseif(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $db_host)) {
	105	$groups = explode('.', $db_host);
	106	foreach($groups as $group){
	107	if($group<0 or $group>255)
	108	$valid=false;
	109	}
	110	} else {
	111	$valid = false;
	112	}
	113
	114	if($valid == false) continue;
	115
	116	if($action == 'GRANT') {
	117	if(!$link->query("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
	118	$app->log("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."'; success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);
	119	} elseif($action == 'REVOKE') {
	120	if(!$link->query("REVOKE ALL PRIVILEGES ON ".$link->escape_string($database_name).".* FROM '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
	121	} elseif($action == 'DROP') {
	122	if(!$link->query("DROP USER '".$link->escape_string($database_user)."'@'$db_host';")) $success = false;
	123	} elseif($action == 'RENAME') {
	124	if(!$link->query("RENAME USER '".$link->escape_string($database_user)."'@'$db_host' TO '".$link->escape_string($database_rename_user)."'@'$db_host'")) $success = false;
	125	} elseif($action == 'PASSWORD') {
	126	if(!$link->query("SET PASSWORD FOR '".$link->escape_string($database_user)."'@'$db_host' = '".$link->escape_string($database_password)."';")) $success = false;
	127	}
	128	}
	129
	130	return $success;
	131	}
	132
	133	function drop_or_revoke_user($database_id, $user_id, $host_list){
	134	global $app;
	135
	136	// set to all hosts if none given
	137	if(trim($host_list) == '') $host_list = '%';
	138
cc6568	139	$db_user_databases = $app->db->queryAllRecords("SELECT * FROM web_database WHERE (database_user_id = ".$user_id." OR database_ro_user_id = ".$user_id.") AND active = 'y' AND database_id != ".$database_id);
H	140	$db_user_host_list = array();
	141	if(is_array($db_user_databases) && !empty($db_user_databases)){
	142	foreach($db_user_databases as $db_user_database){
	143	if($db_user_database['remote_access'] == 'y'){
	144	if($db_user_database['remote_ips'] == ''){
	145	$db_user_host_list[] = '%';
	146	} else {
	147	$tmp_remote_ips = explode(',', $db_user_database['remote_ips']);
	148	if(is_array($tmp_remote_ips) && !empty($tmp_remote_ips)){
	149	foreach($tmp_remote_ips as $tmp_remote_ip){
	150	$tmp_remote_ip = trim($tmp_remote_ip);
	151	if($tmp_remote_ip != '') $db_user_host_list[] = $tmp_remote_ip;
	152	}
	153	}
	154	unset($tmp_remote_ips);
	155	}
	156	}
	157	$db_user_host_list[] = 'localhost';
	158	}
	159	}
	160	$host_list_arr = explode(',', $host_list);
	161	//print_r($host_list_arr);
	162	$drop_hosts = array_diff($host_list_arr, $db_user_host_list);
	163	//print_r($drop_hosts);
	164	$revoke_hosts = array_diff($host_list_arr, $drop_hosts);
	165	//print_r($revoke_hosts);
7fe908	166
cc6568	167	$drop_host_list = implode(',', $drop_hosts);
H	168	$revoke_host_list = implode(',', $revoke_hosts);
	169	//echo $drop_host_list."\n";
	170	//echo $revoke_host_list."\n";
	171	return array('revoke_hosts' => $revoke_host_list, 'drop_hosts' => $drop_host_list);
	172	}
7fe908	173
MC	174	function db_insert($event_name, $data) {
d83fcf	175	global $app, $conf;
7fe908	176
663caf	177	if($data['new']['type'] == 'mysql') {
7fe908	178	if(!include ISPC_LIB_PATH.'/mysql_clientdb.conf') {
MC	179	$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf', LOGLEVEL_ERROR);
7c99ef	180	return;
d83fcf	181	}
7fe908	182
d83fcf	183	//* Connect to the database
1d8f7f	184	$link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
a7cb2b	185	if ($link->connect_error) {
7fe908	186	$app->log('Unable to connect to mysql'.$link->connect_error, LOGLEVEL_ERROR);
a61345	187	return;
d83fcf	188	}
be9816	189
R	190	// Charset for the new table
663caf	191	if($data['new']['database_charset'] != '') {
7fe908	192	$query_charset_table = ' DEFAULT CHARACTER SET '.$data['new']['database_charset'];
be9816	193	} else {
7fe908	194	$query_charset_table = '';
be9816	195	}
R	196
d83fcf	197	//* Create the new database
1d8f7f	198	if ($link->query('CREATE DATABASE '.$link->escape_string($data['new']['database_name']).$query_charset_table)) {
7fe908	199	$app->log('Created MySQL database: '.$data['new']['database_name'], LOGLEVEL_DEBUG);
d83fcf	200	} else {
7fe908	201	$app->log('Unable to create the database: '.$link->error, LOGLEVEL_WARNING);
d83fcf	202	}
7fe908	203
abad78	204	// Create the database user if database is active
663caf	205	if($data['new']['active'] == 'y') {
7fe908	206
MC	207	// get the users for this database
	208	$db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_user_id']) . "'");
	209
	210	$db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_ro_user_id']) . "'");
	211
	212	$host_list = '';
	213	if($data['new']['remote_access'] == 'y') {
	214	$host_list = $data['new']['remote_ips'];
	215	if($host_list == '') $host_list = '%';
	216	}
	217	if($host_list != '') $host_list .= ',';
	218	$host_list .= 'localhost';
	219
	220	if($db_user) {
	221	if($db_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	222	else $this->process_host_list('GRANT', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $host_list, $link);
	223	}
	224	if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
	225	if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	226	else $this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $host_list, $link, '', true);
	227	}
	228
d83fcf	229	}
7fe908	230
1d8f7f	231	$link->query('FLUSH PRIVILEGES;');
N	232	$link->close();
d83fcf	233	}
T	234	}
7fe908	235
MC	236	function db_update($event_name, $data) {
d83fcf	237	global $app, $conf;
7fe908	238
cc6568	239	// skip processing if database was and is inactive
H	240	if($data['new']['active'] == 'n' && $data['old']['active'] == 'n') return;
7fe908	241
663caf	242	if($data['new']['type'] == 'mysql') {
7fe908	243	if(!include ISPC_LIB_PATH.'/mysql_clientdb.conf') {
MC	244	$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf', LOGLEVEL_ERROR);
a61345	245	return;
d83fcf	246	}
7fe908	247
d83fcf	248	//* Connect to the database
1d8f7f	249	$link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
a7cb2b	250	if ($link->connect_error) {
7fe908	251	$app->log('Unable to connect to the database: '.$link->connect_error, LOGLEVEL_ERROR);
88d899	252	return;
d83fcf	253	}
7fe908	254
MC	255	// get the users for this database
	256	$db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_user_id']) . "'");
	257	$old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['old']['database_user_id']) . "'");
	258
	259	$db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_ro_user_id']) . "'");
	260	$old_db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['old']['database_ro_user_id']) . "'");
	261
	262	$host_list = '';
	263	if($data['new']['remote_access'] == 'y') {
	264	$host_list = $data['new']['remote_ips'];
	265	if($host_list == '') $host_list = '%';
	266	}
	267	if($host_list != '') $host_list .= ',';
	268	$host_list .= 'localhost';
	269
cc6568	270	// REVOKES and DROPS have to be done on old host list, not new host list
H	271	$old_host_list = '';
7fe908	272	if($data['old']['remote_access'] == 'y') {
MC	273	$old_host_list = $data['old']['remote_ips'];
	274	if($old_host_list == '') $old_host_list = '%';
abad78	275	}
7fe908	276	if($old_host_list != '') $old_host_list .= ',';
MC	277	$old_host_list .= 'localhost';
	278
	279	// Create the database user if database was disabled before
51569e	280	if($data['new']['active'] == 'y') {
7fe908	281	if($db_user) {
MC	282	if($db_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	283	else $this->process_host_list('GRANT', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $host_list, $link);
	284	}
	285	if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
	286	if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	287	else $this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $host_list, $link, '', true);
	288	}
	289	} else if($data['new']['active'] == 'n' && $data['old']['active'] == 'y') { // revoke database user, if inactive
	290	if($old_db_user) {
	291	if($old_db_user['database_user'] == 'root'){
	292	$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	293	} else {
cc6568	294	// Find out users to drop and users to revoke
615a0a	295	$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $old_host_list);
T	296	if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
	297	if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
7fe908	298
MC	299
	300	//$this->process_host_list('DROP', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $old_host_list, $link);
	301	//$this->process_host_list('REVOKE', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $old_host_list, $link);
	302	}
	303	}
	304	if($old_db_ro_user && $data['old']['database_user_id'] != $data['old']['database_ro_user_id']) {
	305	if($old_db_ro_user['database_user'] == 'root'){
	306	$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	307	} else {
	308	// Find out users to drop and users to revoke
	309	$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_ro_user_id'], $old_host_list);
	310	if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
	311	if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
	312
	313	//$this->process_host_list('DROP', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $old_host_list, $link);
	314	//$this->process_host_list('REVOKE', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $old_host_list, $link);
	315	}
	316	}
	317	// Database is not active, so stop processing here
	318	$link->query('FLUSH PRIVILEGES;');
	319	$link->close();
	320	return;
	321	}
	322
	323	//* selected Users have changed
	324	if($data['new']['database_user_id'] != $data['old']['database_user_id']) {
	325	if($data['old']['database_user_id'] && $data['old']['database_user_id'] != $data['new']['database_ro_user_id']) {
	326	if($old_db_user) {
	327	if($old_db_user['database_user'] == 'root'){
	328	$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	329	} else {
	330	// Find out users to drop and users to revoke
	331	$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $old_host_list);
	332	if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
	333	if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
	334
cc6568	335	//$this->process_host_list('DROP', $data['new']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $old_host_list, $link);
H	336	//$this->process_host_list('REVOKE', $data['new']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $old_host_list, $link);
	337	}
7fe908	338	}
MC	339	}
	340	if($db_user) {
	341	if($db_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	342	else $this->process_host_list('GRANT', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $host_list, $link);
	343	}
	344	}
	345	if($data['new']['database_ro_user_id'] != $data['old']['database_ro_user_id']) {
	346	if($data['old']['database_ro_user_id'] && $data['old']['database_ro_user_id'] != $data['new']['database_user_id']) {
	347	if($old_db_ro_user) {
	348	if($old_db_ro_user['database_user'] == 'root'){
	349	$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	350	} else {
cc6568	351	// Find out users to drop and users to revoke
615a0a	352	$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $old_host_list);
T	353	if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
	354	if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
7fe908	355
cc6568	356	//$this->process_host_list('DROP', $data['new']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $old_host_list, $link);
H	357	//$this->process_host_list('REVOKE', $data['new']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $old_host_list, $link);
	358	}
7fe908	359	}
MC	360	}
	361	if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
	362	if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	363	else $this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $host_list, $link, '', true);
	364	}
	365	}
	366
d83fcf	367	//* Remote access option has changed.
663caf	368	if($data['new']['remote_access'] != $data['old']['remote_access']) {
7fe908	369
673365	370	//* revoke old priveliges
eece36	371	//mysql_query("REVOKE ALL PRIVILEGES ON ".mysql_real_escape_string($data["new"]["database_name"],$link).".* FROM '".mysql_real_escape_string($data["new"]["database_user"],$link)."';",$link);
7fe908	372
673365	373	//* set new priveliges
7fe908	374	if($data['new']['remote_access'] == 'y') {
MC	375	if($db_user) {
	376	if($db_user['database_user'] == 'root'){
	377	$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	378	} else {
cc6568	379	$this->process_host_list('GRANT', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $data['new']['remote_ips'], $link);
H	380	}
7fe908	381	}
MC	382	if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
	383	if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	384	else $this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $data['new']['remote_ips'], $link, '', true);
	385	}
d83fcf	386	} else {
7fe908	387	if($old_db_user) {
MC	388	if($old_db_user['database_user'] == 'root'){
	389	$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	390	} else {
cc6568	391	// Find out users to drop and users to revoke
615a0a	392	$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $data['old']['remote_ips']);
T	393	if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
	394	if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
7fe908	395
cc6568	396	//$this->process_host_list('DROP', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $data['old']['remote_ips'], $link);
H	397	//$this->process_host_list('REVOKE', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $data['old']['remote_ips'], $link);
	398	}
7fe908	399	}
MC	400	if($old_db_ro_user && $data['old']['database_user_id'] != $data['old']['database_ro_user_id']) {
	401	if($old_db_ro_user['database_user'] == 'root'){
	402	$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	403	} else {
cc6568	404	// Find out users to drop and users to revoke
615a0a	405	$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_ro_user_id'], $data['old']['remote_ips']);
T	406	if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
	407	if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
7fe908	408
cc6568	409	//$this->process_host_list('DROP', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $data['old']['remote_ips'], $link);
H	410	//$this->process_host_list('REVOKE', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $data['old']['remote_ips'], $link);
	411	}
7fe908	412	}
d83fcf	413	}
7fe908	414	$app->log('Changing MySQL remote access privileges for database: '.$data['new']['database_name'], LOGLEVEL_DEBUG);
663caf	415	} elseif($data['new']['remote_access'] == 'y' && $data['new']['remote_ips'] != $data['old']['remote_ips']) {
7fe908	416	//* Change remote access list
MC	417	if($old_db_user) {
	418	if($old_db_user['database_user'] == 'root'){
	419	$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	420	} else {
615a0a	421	// Find out users to drop and users to revoke
T	422	$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $data['old']['remote_ips']);
	423	if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
	424	if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
7fe908	425	}
MC	426	}
	427	if($db_user) {
	428	if($db_user['database_user'] == 'root'){
	429	$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	430	} else {
	431	$this->process_host_list('GRANT', $data['new']['database_name'], $db_user['database_user'], $db_user['database_password'], $data['new']['remote_ips'], $link);
	432	}
	433	}
	434
	435	if($old_db_ro_user && $data['old']['database_user_id'] != $data['old']['database_ro_user_id']) {
	436	if($old_db_ro_user['database_user'] == 'root'){
	437	$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	438	} else {
615a0a	439	// Find out users to drop and users to revoke
T	440	$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $data['old']['remote_ips']);
	441	if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
	442	if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
7fe908	443	}
MC	444	}
	445
	446	if($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) {
	447	if($db_ro_user['database_user'] == 'root'){
	448	$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
	449	} else {
	450	$this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $data['new']['remote_ips'], $link, '', true);
	451	}
	452	}
cc6568	453	}
7fe908	454
MC	455
1d8f7f	456	$link->query('FLUSH PRIVILEGES;');
N	457	$link->close();
d83fcf	458	}
7fe908	459
d83fcf	460	}
7fe908	461
MC	462	function db_delete($event_name, $data) {
d83fcf	463	global $app, $conf;
7fe908	464
663caf	465	if($data['old']['type'] == 'mysql') {
7fe908	466	if(!include ISPC_LIB_PATH.'/mysql_clientdb.conf') {
MC	467	$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf', LOGLEVEL_ERROR);
a61345	468	return;
d83fcf	469	}
7fe908	470
d83fcf	471	//* Connect to the database
1d8f7f	472	$link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
N	473	if ($link->connect_error) {
7fe908	474	$app->log('Unable to connect to mysql: '.$link->connect_error, LOGLEVEL_ERROR);
88d899	475	return;
d83fcf	476	}
7fe908	477
615a0a	478	$old_host_list = '';
7fe908	479	if($data['old']['remote_access'] == 'y') {
MC	480	$old_host_list = $data['old']['remote_ips'];
	481	if($old_host_list == '') $old_host_list = '%';
614365	482	}
7fe908	483	if($old_host_list != '') $old_host_list .= ',';
MC	484	$old_host_list .= 'localhost';
	485
	486	if($data['old']['database_user_id']) {
	487	$old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['old']['database_user_id']) . "'");
	488	$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $old_host_list);
	489	if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
	490	if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
	491	}
	492	if($data['old']['database_ro_user_id']) {
	493	$old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['old']['database_ro_user_id']) . "'");
	494	$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_ro_user_id'], $old_host_list);
	495	if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
	496	if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
	497	}
	498
	499
	500	if($link->query('DROP DATABASE '.$link->escape_string($data['old']['database_name']))) {
	501	$app->log('Dropping MySQL database: '.$data['old']['database_name'], LOGLEVEL_DEBUG);
	502	} else {
	503	$app->log('Error while dropping MySQL database: '.$data['old']['database_name'].' '.$link->error, LOGLEVEL_WARNING);
	504	}
	505
1d8f7f	506	$link->query('FLUSH PRIVILEGES;');
N	507	$link->close();
d83fcf	508	}
7fe908	509
MC	510
d83fcf	511	}
7fe908	512
MC	513
	514	function db_user_insert($event_name, $data) {
acf18c	515	global $app, $conf;
381520	516	// we have nothing to do here, stale user accounts are useless ;)
acf18c	517	}
7fe908	518
MC	519	function db_user_update($event_name, $data) {
acf18c	520	global $app, $conf;
7fe908	521
MC	522	if(!include ISPC_LIB_PATH.'/mysql_clientdb.conf') {
	523	$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf', LOGLEVEL_ERROR);
	524	return;
	525	}
	526
	527	//* Connect to the database
	528	$link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
	529	if ($link->connect_error) {
	530	$app->log('Unable to connect to mysql'.$link->connect_error, LOGLEVEL_ERROR);
	531	return;
	532	}
	533
	534
	535	if($data['old']['database_user'] == $data['new']['database_user'] && ($data['old']['database_password'] == $data['new']['database_password'] \|\| $data['new']['database_password'] == '')) {
	536	return;
	537	}
	538
	539
	540	$host_list = array('localhost');
	541	// get all databases this user was active for
	542	$db_list = $app->db->queryAllRecords("SELECT `remote_access`, `remote_ips` FROM `web_database` WHERE `database_user_id` = '" . intval($data['old']['database_user_id']) . "'");
	543	if(count($db_list) < 1) return; // nothing to do on this server for this db user
	544
	545	foreach($db_list as $database) {
	546	if($database['remote_access'] != 'y') continue;
	547
	548	if($database['remote_ips'] != '') $ips = explode(',', $database['remote_ips']);
	549	else $ips = array('%');
	550
	551	foreach($ips as $ip) {
	552	$ip = trim($ip);
	553	if(!in_array($ip, $host_list)) $host_list[] = $ip;
	554	}
	555	}
	556
	557	foreach($host_list as $db_host) {
	558	if($data['new']['database_user'] != $data['old']['database_user']) {
381520	559	$link->query("RENAME USER '".$link->escape_string($data['old']['database_user'])."'@'$db_host' TO '".$link->escape_string($data['new']['database_user'])."'@'$db_host'");
7fe908	560	$app->log('Renaming MySQL user: '.$data['old']['database_user'].' to '.$data['new']['database_user'], LOGLEVEL_DEBUG);
381520	561	}
M	562
bfcdef	563	if($data['new']['database_password'] != $data['old']['database_password'] && $data['new']['database_password'] != '') {
43b345	564	$link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = '".$link->escape_string($data['new']['database_password'])."';");
7fe908	565	$app->log('Changing MySQL user password for: '.$data['new']['database_user'].'@'.$db_host, LOGLEVEL_DEBUG);
381520	566	}
7fe908	567	}
MC	568
	569	$link->query('FLUSH PRIVILEGES;');
	570	$link->close();
	571
acf18c	572	}
7fe908	573
MC	574	function db_user_delete($event_name, $data) {
acf18c	575	global $app, $conf;
7fe908	576
MC	577	if(!include ISPC_LIB_PATH.'/mysql_clientdb.conf') {
	578	$app->log('Unable to open'.ISPC_LIB_PATH.'/mysql_clientdb.conf', LOGLEVEL_ERROR);
	579	return;
	580	}
	581
	582	//* Connect to the database
	583	$link = new mysqli($clientdb_host, $clientdb_user, $clientdb_password);
	584	if ($link->connect_error) {
	585	$app->log('Unable to connect to mysql'.$link->connect_error, LOGLEVEL_ERROR);
	586	return;
	587	}
	588
	589	$host_list = array();
	590	// read all mysql users with this username
	591	$result = $link->query("SELECT `User`, `Host` FROM `mysql`.`user` WHERE `User` = '" . $link->escape_string($data['old']['database_user']) . "' AND `Create_user_priv` = 'N'"); // basic protection against accidently deleting system users like debian-sys-maint
	592	if($result) {
	593	while($row = $result->fetch_assoc()) {
	594	$host_list[] = $row['Host'];
	595	}
	596	$result->free();
	597	}
	598
	599	foreach($host_list as $db_host) {
	600	if($link->query("DROP USER '".$link->escape_string($data['old']['database_user'])."'@'$db_host';")) {
	601	$app->log('Dropping MySQL user: '.$data['old']['database_user'], LOGLEVEL_DEBUG);
	602	}
	603	}
	604
	605	$link->query('FLUSH PRIVILEGES;');
	606	$link->close();
acf18c	607	}
7fe908	608
d83fcf	609	} // end class
T	610
663caf	611	?>